Date: Wed, 29 Jun 2005 21:36:49 +0000 (UTC) From: "Simon L. Nielsen" <simon@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/contrib/bzip2 bzip2.c src/sys/netinet ip_fw2.c tcp_input.c Message-ID: <200506292136.j5TLanel046258@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
simon 2005-06-29 21:36:49 UTC
FreeBSD src repository (doc,ports committer)
Modified files:
contrib/bzip2 bzip2.c
sys/netinet ip_fw2.c tcp_input.c
Log:
Fix ipfw packet matching errors with address tables.
The ipfw tables lookup code caches the result of the last query. The
kernel may process multiple packets concurrently, performing several
concurrent table lookups. Due to an insufficient locking, a cached
result can become corrupted that could cause some addresses to be
incorrectly matched against a lookup table.
Submitted by: ru
Reviewed by: csjp, mlaier
Security: CAN-2005-2019
Security: FreeBSD-SA-05:13.ipfw
Correct bzip2 permission race condition vulnerability.
Obtained from: Steve Grubb via RedHat
Security: CAN-2005-0953
Security: FreeBSD-SA-05:14.bzip2
Approved by: obrien
Correct TCP connection stall denial of service vulnerability.
A TCP packets with the SYN flag set is accepted for established
connections, allowing an attacker to overwrite certain TCP options.
Submitted by: Noritoshi Demizu
Reviewed by: andre, Mohan Srinivasan
Security: CAN-2005-2068
Security: FreeBSD-SA-05:15.tcp
Approved by: re (security blanket), cperciva
Revision Changes Path
1.2 +329 -244 src/contrib/bzip2/bzip2.c
1.105 +20 -17 src/sys/netinet/ip_fw2.c
1.278 +1 -1 src/sys/netinet/tcp_input.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506292136.j5TLanel046258>